CVE-2025-53006

| EUVD-2025-19715 CRITICAL
2025-07-02 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 01:55 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 01:55 euvd
EUVD-2025-19715
PoC Detected
Jul 10, 2025 - 15:16 vuln.today
Public exploit code
CVE Published
Jul 02, 2025 - 15:15 nvd
CRITICAL 9.8

Tags

Information Disclosure PostgreSQL Dataease

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

Analysis

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Technical Context

Vulnerability type: remote code execution. CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects DataEase.

Affected Products

['DataEase']

Remediation

Monitor vendor channels for patch availability.

Priority Score

69
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: +20

Share

CVE-2025-53006 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy